| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Jan 2021 15:59:25 -0500
From: Tejun Heo <tj@...nel.org>
To: Vipin Sharma <vipinsh@...gle.com>
Cc: thomas.lendacky@....com, brijesh.singh@....com, jon.grimm@....com,
eric.vantassell@....com, pbonzini@...hat.com, seanjc@...gle.com,
lizefan@...wei.com, hannes@...xchg.org, frankja@...ux.ibm.com,
borntraeger@...ibm.com, corbet@....net, joro@...tes.org,
vkuznets@...hat.com, wanpengli@...cent.com, jmattson@...gle.com,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com,
gingell@...gle.com, rientjes@...gle.com, dionnaglaze@...gle.com,
kvm@...r.kernel.org, x86@...nel.org, cgroups@...r.kernel.org,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [Patch v4 1/2] cgroup: svm: Add Encryption ID controller
Hello,
On Thu, Jan 07, 2021 at 05:28:45PM -0800, Vipin Sharma wrote:
> 1. encrpytion_ids.sev.max
> Sets the maximum usage of SEV IDs in the cgroup.
> 2. encryption_ids.sev.current
> Current usage of SEV IDs in the cgroup and its children.
> 3. encryption_ids.sev.stat
> Shown only at the root cgroup. Displays total SEV IDs available
> on the platform and current usage count.
Sorry, should have raised these earlier:
* Can we shorten the name to encids?
* Why is .sev a separate namespace? Isn't the controller supposed to cover
encryption ids across different implementations? It's not like multiple
types of IDs can be in use on the same machine, right?
> Other ID types can be easily added in the controller in the same way.
I'm not sure this is necessarily a good thing.
> +/**
> + * enc_id_cg_uncharge_hierarchy() - Uncharge the enryption ID cgroup hierarchy.
> + * @start_cg: Starting cgroup.
> + * @stop_cg: cgroup at which uncharge stops.
> + * @type: type of encryption ID to uncharge.
> + * @amount: Charge amount.
> + *
> + * Uncharge the cgroup tree from the given start cgroup to the stop cgroup.
> + *
> + * Context: Any context. Expects enc_id_cg_lock to be held by the caller.
> + */
> +static void enc_id_cg_uncharge_hierarchy(struct encryption_id_cgroup *start_cg,
> + struct encryption_id_cgroup *stop_cg,
> + enum encryption_id_type type,
> + unsigned int amount)
> +{
> + struct encryption_id_cgroup *i;
> +
> + lockdep_assert_held(&enc_id_cg_lock);
> +
> + for (i = start_cg; i != stop_cg; i = parent_enc(i)) {
> + WARN_ON_ONCE(i->res[type].usage < amount);
> + i->res[type].usage -= amount;
> + }
> + css_put(&start_cg->css);
I'm curious whether this is necessary given that a css can't be destroyed
while tasks are attached. Are there cases where this wouldn't hold true? If
so, it'd be great to have some comments on how that can happen.
> +/**
> + * enc_id_cg_max_write() - Update the maximum limit of the cgroup.
> + * @of: Handler for the file.
> + * @buf: Data from the user. It should be either "max", 0, or a positive
> + * integer.
> + * @nbytes: Number of bytes of the data.
> + * @off: Offset in the file.
> + *
> + * Uses cft->private value to determine for which enryption ID type results be
> + * shown.
> + *
> + * Context: Any context. Takes and releases enc_id_cg_lock.
> + * Return:
> + * * >= 0 - Number of bytes processed in the input.
> + * * -EINVAL - If buf is not valid.
> + * * -ERANGE - If number is bigger than unsigned int capacity.
> + * * -EBUSY - If usage can become more than max limit.
The aboves are stale, right?
> +static int enc_id_cg_stat_show(struct seq_file *sf, void *v)
> +{
> + unsigned long flags;
> + enum encryption_id_type type = seq_cft(sf)->private;
> +
> + spin_lock_irqsave(&enc_id_cg_lock, flags);
> +
> + seq_printf(sf, "total %u\n", enc_id_capacity[type]);
> + seq_printf(sf, "used %u\n", root_cg.res[type].usage);
Dup with .current and no need to show total on every cgroup, right?
Thanks.
--
tejun
Powered by blists - more mailing lists